A new Android zero day vulnerability exploit is now found in Android by Google’s own Project Zero team and is being used in the wild.
Newer versions of Android are found to be vulnerable, but the same was patched back in December of 2017 itself, in Android kernel versions 3.18, 4.14, 4.4 and 4.9.
Pixel, Samsung, Huawei and Xiaomi devices are found to be vulnerable to this exploit.
According to Google, the vulnerability influences the Pixel 2, Huawei P20, Xiaomi Redmi 5A, Xiaomi Redmi Note 5, Xiaomi A1, Oppo A3, Moto Z3, LG phones which are running Android Oreo and the Samsung S7, S8 and S9 which are running Android Oreo or higher.
The exploit requires little to no per-device customisation so it can impact even more Android smartphones. But the devices which are listed above have been tested and confirmed to be vulnerable to the zero-day by Google.
Details concerning who is the culprit of the Android zero-day are currently not confirmed, but Google’s TAG supposes that the Israel-based company NSO Group may be responsible.
Also Read: Best Wallpapers For Android
ZDNet stretched out to the group but they denied any association with the issue. This is what they said:
“NSO did not sell and will never sell exploits or vulnerabilities. This exploit has nothing to do with NSO; our work is focused on the development of products designed to help licensed intelligence and law enforcement agencies save lives.”
Although this new Android vulnerability is not as serious as other zero-days, Google has cautioned its Android partners about the threat.
Here’s the complete list of devices affected by the zero-day vulnerability, which is flagged as high priority by Google
- Pixel 1/ Pixel 1 XL
- Pixel 2/ Pixel 2 XL
- Huawei P20
- Xiaomi Redmi 5A
- Xiaomi Redmi Note 5
- Xiaomi A1
- Oppo A3
- Moto Z3
- Android Oreo LG phones
- Samsung Galaxy S7
- Samsung Galaxy S8
- Samsung Galaxy S9
A patch is now available on the Android Common Kernel, so we can expect manufacturers to start providing updates soon.